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An approach for engineering student exercises using the Internet is described. In this approach, 
for a given exercise, each student receives the same problem, but with different data. The 
exercise content can be static or dynamic, and the dynamic form can be timeless or real-time. 
The implementation provides immediate feedback to the students, letting them know if their 
submitted answers are correct. Student results for each exercise are recorded in log files which 
are available to the instructor. Example exercises from engineering computer security and 
cryptography courses are presented. 
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Introduction 

An approach for engineering student exercises using the Internet is described. In this approach, 
for a given exercise, each student receives the same problem, but with different data. Alternatively, 
each student could receive different or slightly different problems with the same or different data. 

The exercise content can be static or dynamic. In the static form, each time a student accesses an 
exercise, the same data is presented. This allows students to work offline on problems and return 
later to submit their solutions. In the dynamic form, each time a student accesses an exercise, 
different data is presented. The data is generated pseudo-randomly, based on the student UserK), 
so it can be reproduced for the static exercises. 

The dynamic form can be timeless or real-time. For a timeless dynamic exercise, students can 
work offline on the problem as long as the original data web page is preserved in their browser or 
saved in a file. For real-time dynamic exercises, students must submit their answers within a small 
time window, e.g. 60 seconds. The real-time exercises are implemented using a custom server 
process running on an Internet site; the other types of exercises are implemented using a standard 
web server environment. 

The implementation provides immediate feedback to the students, letting them know if their sub- 
mitted answers are correct. For a multi-part exercise, which requires a sequence of answers, this 
allows the students to complete the exercise part-by-part, moving on to successive sections as each 
part in the sequence is completed correctly. For correctly completing an exercise, students may be 
given a "reward". Examples of rewards are: an opportunity to try a harder exercise for extra credit; 
a random interesting adage from the Unix fortune utility; or simply a congratulatory statement. 

Student results for each exercise are recorded in log files which are available to the instructor. The 
results can be easily processed in an automated fashion for grading. The log files are also useful 
for analyzing the behavior of students by looking at the time they started working on an exercise 
(e.g. a week before it was due or an hour before it was due) and how many incorrect attempts they 
made before submitting the correct answers. This can help the instructor identify students who are 
performing extra well, or who may need extra help. 

Example exercises from engineering computer security and cryptography courses will be pre- 
sented, including a man-in-the-middle scenario and an exercise in secure authentication and con- 
fidentiality over an insecure channel. 

Static Examples 

Figure[T]shows an example where the student must solve a modular equation for a single unknown. 
The equation represents a linear congruential pseudo-random number generator. Here the student 
has submitted an incorrect answer: 

UserlD: fred 

Your answer for xO is wrong. 
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UserlD: fred 

ti = (a xo + c} mod in 

1064325048971 = xl 
386173047307 = a 
44436739943 = c 
1071322948639 = m 



xO = I 



Figure 1 : Static Example with a Single Answer 



and here the student has submitted the correct answer: 



UserlD: fred 



Your answer for xO is correct. 



UserlD: fred 
Server public key: 

65537 = e 

348651731396514990589362915149 = n 
Credit- card number: 

Plaintext = 1080702217618882 
Ciphertext = | 



Number of kegs: 



Figure 2: Static Example using RSA to Digitally Sign a Credit Card Number 



Figure [2] shows another static example using RSA to digitally sign a "credit-card" number for a 
fake online transaction, with an option to specify how many kegs of "milk" to order. The option is 
ignored when checking the results, but it makes the exercise a little more fun for the students. An 
example of correct results: 

UserlD: fred 

Your credit-card number is valid. 



Your milk order will be shipped today! 
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UserlD: fred 

0110000100 



key ■■ 
Kl = 
K2 = 



| 00001100 

Inoooioo 



01110100 



plaintext = 10100101 
after IP = 
after 1st fK = 
after SW « 
after 2nd fK = 
ciphertext = 



Figure 3: Static Multi-part Example 



A multi-part example, requiring a sequence of answers, is shown in Fig. [3] In this exercise the 
student must perform encryption and show intermediate results using a simplified form of the Data 
Encryption Standard. An incorrect calculation by the student for one part would cause subsequent 
parts to be incorrect. By submitting partial results, the student is able to complete the exercise 
part-by-part, moving on to successive parts as each step in the sequence is completed correctly: 

UserlD: fred 



Your 


answer 


for 


Your 


answer 


for 


Your 


answer 


for 


Your 


answer 


for 


Your 


answer 


for 


Your 


answer 


for 


Your 


answer 


for 



Kl is correct. 
K2 is correct. 
IP is correct. 
fKl is wrong. 
SW is wrong. 
fK2 is wrong, 
c is wrong. 



You have 3 out of 7 parts correct. 



Figure ID shows an example where most of the data is actually dynamically created by the student. 
The student must use their UserlD (treated as a base-36 number, plus 1 if it is even) as the public 
RSA exponent, but the other values are left for the student to create on their own, within certain 
constraints. The exercise involves designing a two-user split RSA key, and using the key to pro- 
duce a digital signature. The message to be signed is randomly generated using the Unix fortune 
utility, and changes each time the student accesses the exercise, so this exercise is only partially 
static. 

The process of checking the student results in this case uses a conversational style, simulating what 
an instructor might do when discussing student results in person. At the end, if all six parts are 
correct, the student is given positive feedback: 
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UserlD = fred 

All values are in decimal 

Enter your RSA2 key parameters: 



d A = (_ 
d B = Q 

Message to be signed: tu = 

"Consequences, Schmonsequences , as long as I'm rich." 

-- "Ali Baba Bunny" [1957, Chuck Jones] 

Hash of the message to be signed: h(m) = 229595415021476407239308023673270725313062813344 

Enter the signature for h{m) : 

sab = ( 

Submit 

Figure 4: Two-user RSA Key Example 



UserlD: fred 

e is correct, let's check p next: 

bitLength (p) == 128, good... 

p is prime, almost there for p... 

gcd(e,p-l) == 1, p is ok, let's check q next: 

q != p, that's a good start... 

bitLength(q) == 128, good... 

q is prime, almost there for q. . . 

gcd(e,q-l) == 1, q is ok, let's check d_A next: 

bitLength (d_A ) >= 240, good... 

gcd(d_A ,p-l) == 1, almost there for d_A ... 

gcd(d_A ,q-l) == 1, d_A is ok, let's check d_B next: 

d_B != 1, that's a good start... 

e*d_A *d_B == 1, Brilliant! 

h (m) is valid, checking signature: 

s_AB is valid. 

You have 6 out of 6 parts correct. You are the master of RSA2 ! 
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Timeless Dynamic Examples 



Each time a student accesses a dynamic exercise, different data is presented. For a timeless dy- 
namic exercise, students can work offline on the problem as long the original data web page is 
preserved in their browser or saved in a file. 



UserlD: fred 

Current time = 1285158913377 (Wed Sep 22 08:35:13 EDT2010) 

Here are some random numbers: 

7131683955462899639 
2371508780648774125 
627418875016148120 

I bet you can't guess the next number in the sequence: 
next = | ] 
Submit 



Figure 5: Dynamic Example Based on the Current Time 



Figure \5\ shows a dynamic example where the data depends on the date and time at which the 
student accesses the exercise. The data is generated using Java's Random class, initialized using a 
value close to the time of day in milliseconds. Using a program to check times near the one given, 
the student can reproduce the pseudo-random sequence and generate the next value: 

UserlD: fred 

Your answer is correct. You win! 

That was fun. Are you ready for a harder problem? 

Try this: I'll give you just one value from nextLongO, using an instance 
of Random initialized in a secret way, not related to the time of day. 
And I bet you can't guess the next number ... <link to continue here> 

As shown above, when the correct answer is submitted, the student is challenged to solve a harder 
problem. If the student proceeds, a new exercise is generated dynamically, based on Java's Random 
class initialized in an unpredictable manner, as shown in Fig.[6l If the student is able to solve this 
harder problem, they are congratulated: 

UserlD: fred 

Your answer is correct. 

I give up! You are the master of pseudo-random numbers! 
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UserlD: fred 

Here is one Random number from nextLongO : 

1979696279406681749 

I bet you can't guess the next number: 



next = | 




Figure 6: Dynamic Challenge Exercise 



In the previous example the exercise was split into two parts, with the second part representing a 
challenge which is presented only after the first part is solved correctly. It is also possible to split 
an exercise into multiple parts based on logical aspects of the problem being solved. An example 
of this is shown in Figs. [7J and [H where the student initiates a man-in-the-middle attack on the 
Diffie-Hellman key agreement protocol in the first part, and in the second part the attack continues 
by decrypting the secret communications. The caricatures of Alice, Darth, and Bob in Fig. [7J are 
from S tailings^. 

If incorrect results are submitted, the student is informed about which parts were wrong, and 
encouraged to try again: 

Man in the Middle 
UserlD: fred 

Your value for M is wrong and your value for Cb is wrong, (checking... 
Ka=l Kb=l) Ka and Kb are equal, that's non-standard! But Ka and/or Kb 
are trivial, that doesn't count. XTa 1 XTb 1 

Get back in the middle and try again. 



Real-time Dynamic Examples 

For real-time dynamic exercises, students must submit their answers within a small time window. 
In the following examples the time window is 60 seconds, i.e. the connection is dropped if the 
student does not respond to any prompt within that time limit. This is implemented on the server 
side using a simple socket timeout option, and prevents failed server processes from accumulating 
indefinitely. 

In these examples, the student uses a telnet client to communicate with the server and values are 
sent and received in plain text using hex. In a more advanced course, the student may be required to 
write a C or Java program to perform the network communications, sending and receiving binary 
values directly. In that case the timeout would be set much lower, e.g. 10 seconds. 
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Man in the Middle 

UseriD: fred 

Alice QDd Bob ore performing tie Difne-Hellman key exchange piOTDCdl. 
■foil can intercept and change what is sent 




Alice 




Uai Mi 



Bob 1 b public 'j al u e : 66a5456?S2a2e3a42?6ei^toI.a&432?S-2SB9698EI733743B3. 




DH ParametEra: 

957EI9731EI3SSEI997735965S9EI44S35352e32EISlB555B73EI7555593913263b220434B99. 




Figure 7: Man-in-the-middle Part 1 



The first example demonstrates a one-way authentication attempt where the student does not re- 
spond correctly to the challenge. In a correct response, the student would use their personal course- 
assigned password key to encrypt the challenge. Seinfeld fans may note a similarity to a certain 
soup kitchen episode in the authentication failure response: 

% telnet fog.misty.com 
Trying 198.137.254.19. . . 
Connected to fog.misty.com. 
Escape character is '*]'. 
UserlD: fred 
Request #: 1 

Challenge: e9b24781elfc0037 
Response: abc 

Authentication failed. No fortune for you! 

The next example shows one-way authentication with a correct response from the student. In 
this case the student is rewarded with a random fortune. Note that the challenges are generated 
randomly and will vary with each connection attempt: 
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Man in the Middle 

UserlD: fred 

Alice has encrypted a message Nf for Bob by XQR'ing it with her derived DH key. 
Decrypt the message, and re-encrypt it for Bob: 

Ciphertext from Alice: 3Q545049261B73902891467296Q4974808534B81915Q3; 

PI airrt eit H: j 
Ciphertext sent to Bob: I 




Figure 8: Man-in-the-middle Part 2 



UserlD: fred 
Request #: 1 

Challenge: 88ce062ea5f 139b6 
Response: ee47da0f 6691bc60 

Authentication succeeded. Here is your random fortune: 

"And it's my opinion, and that's only my opinion, you are a lunatic. 
Just because there are a few hundred other people sharing your lunacy 
with you does not make you any saner. Doomed, eh?" 

— Oleg Kiselev, oleg@CS.UCLA.EDU 

The next level of the exercise uses two-way authentication, where the student challenges the server 
to encrypt a value. To ensure that the student decrypts the server response and checks the result, 
the server chooses one of the challenge bytes at random and changes it to a random value. After 
decrypting, the student must identify which byte was changed and return that as the "check byte": 

UserlD: fred 
Request #: 2 

Challenge: Ic3ec315353599ac 

Response: e8f 6b957e9d2b0ed 

Your challenge for me: aabbccdd00112233 

My response: bb738ef 05dl4 97c9 

Check byte: cb 

Authentication succeeded. Here is your random fortune: 

The face of war has never changed. Surely it is more logical to heal 
than to kill . 

— Surak of Vulcan, "The Savage Curtain", stardate 5906.5 
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The final level of the exercise uses two-way authentication with confidentiality. In this case, the 
random fortune is encrypted using a key which depends on the student course-assigned password 
and the two challenges: 

UserlD: fred 
Request #: 3 

Challenge: 841012a067425bla 

Response: aef 79354alb6cec7 

Your challenge for me: 0011223300112233 

My response: b4 1 8 8 2 5c53 1 8 37 

Check byte: 74 

Authentication succeeded. Here is your random fortune: 

KVvUeBXI / 0kQ3A8TFa/G4 zBlSkVPxLOOdgBIF0QGYdqu7 8eFR5vacYmqcIHp 
XQlRbQjVdHlflQ50dOh+mczG+uGUNXiPV98pJEQVOLVjmE70SKrwx7 98oGyx 
530fkjYM2wb55qzF4khrJB8mu94qBdP9Qm8XdePI/HrIEkypqUU7 6ALrGs0+ 
GWFBvHp5VQO JXwQGbTf qgoBz JQaMBp2 0WEYoXL5ZfNQ2nE9rM8ocVMb+nYIy 
lJzn+SUgOAq9gZrQDEDpWxc0Lo/rEBlMcxH9Wpu2zXuwqQPE92nXmkOI+5Bw 
Tn8xqq5gDwbHq+zqdO2sOL7KeMyVSy0eiQ== 

When the student decrypts the message, the random fortune and a "user authentication code" are 
displayed: 

To a Californian, the basic difference between the people and the 
pigeons in New York is that the pigeons don't crap on each other. 
— From "East vs. West: The War Between the Coasts 

7144cd971alc9d8b5d9ac68c4aeleefla20 6e7 81ele47f73e2c34e93ed6cd06e 



User Authentication Code Check 

YourUAC: 




Figure 9: Submitting the User Authentication Code 



The user authentication code is generated pseudo-randomly, based on the student UserlD, and is 
used by the student to prove that they decrypted the message by submitting it via a web form as 
shown in Fig.|9l 
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Analyzing and Grading Student Results 

Student results for each exercise are recorded in log files which can be easily processed in an 
automated fashion for grading. For example, the following results were generated from the log 
files for an assignment which had four parts with each part worth 25 points: 

fred 25 25 25 25 
alice 25 5 25 15 
bob 25 25 25 
sam 25 25 10 25 
tony 25 25 
phil 25 25 
harry 25 15 25 25 
nancy 25 25 25 

Partial credit can be automatically computed for multi-part exercises where the student only com- 
pleted some of the parts correctly. Some credit for effort can also be automatically assigned for a 
student who did not supply a correct answer for an exercise but made many attempts to do so. 

Detailed results can be produced for each student and exercise, showing when and how often the 
student attempted to solve the exercise, including incorrect attempts, for example: 

25 



log count = 10 



Sun 


Apr 


4 


19: 


:39: 


:45 


EDT 


2010 


fred 


You 


have 


1 


out 


of 


3 


parts 


correct 


Fri 


Apr 


9 


22 : 


:58: 


:24 


EDT 


2010 


fred 


You 


have 


2 


out 


of 


3 


parts 


correct 


Fri 


Apr 


9 


23: 


:19: 


:39 


EDT 


2010 


fred 


You 


have 


2 


out 


of 


3 


parts 


correct 


Fri 


Apr 


9 


23: 


:26: 


:14 


EDT 


2010 


fred 


You 


have 


2 


out 


of 


3 


parts 


correct 


Fri 


Apr 


9 


23: 


:32: 


:49 


EDT 


2010 


fred 


You 


have 


2 


out 


of 


3 


parts 


correct 


Sat 


Apr 


10 


00: 


:20: 


:24 


EDT 


2010 


fred 


You 


have 


2 


out 


of 


3 


parts 


correct 


Sat 


Apr 


10 


00: 


:31: 


:49 


EDT 


2010 


fred 


You 


have 


2 


out 


of 


3 


parts 


correct 


Sat 


Apr 


10 


00: 


:38: 


:52 


EDT 


2010 


fred 


You 


have 


2 


out 


of 


3 


parts 


correct 


Sat 


Apr 


10 


11 : 


:33: 


:25 


EDT 


2010 


fred 


You 


have 


2 


out 


of 


3 


parts 


correct 


Sat 


Apr 


10 


18: 


:37: 


:42 


EDT 


2010 


fred 


You 


have 


3 


out 


of 


3 


parts 


correct 



This shows that fred had no trouble with parts 1 and 2 of the exercise, obtaining the correct answers 
on the first try, but had some trouble with part 3, finally supplying the correct answer after 7 or 8 
failed attempts. 

Students are never penalized for incorrect attempts; in fact, they are encouraged to enter random 
junk to start with for an exercise just to see how the results are processed, and this is generally 
demonstrated in class when a set of exercises is first assigned. 

In computer security courses the students are also encouraged to examine the exercise interfaces 
closely and try to "break" the system if they can, i.e. try to have a correct response logged without 
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actually supplying a correct answer. So far, that has never happened, although maybe it did and 
was just not detected. 

Conclusion 

The approach for engineering student exercises using the Internet was demonstrated using exam- 
ples from computer security and cryptography courses. For a given exercise, each student receives 
the same problem, but with different data. This approach is applicable to any type of engineer- 
ing exercise where the correct answers are suitable to be checked automatically, which includes 
numerical and computational types of exercises, and perhaps others. 
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